-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DEV-2705 poam update deps #111
base: develop
Are you sure you want to change the base?
Conversation
2854bd6
to
8b1e31a
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good!
@@ -18,7 +18,7 @@ pre-commit: | |||
tox: | |||
parallel: | |||
matrix: | |||
- BUILD_PY_VERSION: [python3.7, python3.8, python3.9, python3.10, python3.11] | |||
- BUILD_PY_VERSION: [python3.7, python3.8, python3.9, python3.10] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I noticed the tox.ini only includes py38. Should we update that to include the additional versions here that are defined for gitlab?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it might be a good idea to keep it to one python version in tox. This matrix section should override the env section in tox. Otherwise the default tox
run locally will run the test suite 4 times.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This may have been a bad recommend on my part. My motivation was to keep the files in sync so that if a developer wanted to run tests against all the python versions that gitlab was going to run, that would be an easy option. Otherwise, they could use the -e flag to specify a particular environment.
It seems like there are other concerns here. Maybe we should enact a policy that the tox.ini only has a single target python version, regardless of whether it's a service or library (since gitlab will catch issues with the full set of python versions) and the tox.ini can specify the preferred version of python to use? @ProfOak and @kulgan , thoughts on that?
And that brings up another question. If that's is our intention, what is the appropriate version of python to specify in the tox.ini? Why would we default to python 3.8 instead of either the min or max version?
# via indexd (setup.py) | ||
sqlparse==0.4.4 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
SNYK is not happy with this one
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
https://pypi.org/project/sqlparse/#history
need python3.8 to upgrade this.
setup.py
Outdated
@@ -50,5 +49,7 @@ | |||
"requests", | |||
"ddtrace", | |||
"importlib-metadata; python_version < '3.8'", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"importlib-metadata; python_version < '3.8'", | |
"importlib-metadata>=1.4; python_version < '3.8'", |
1.4+ and above is for python3.8+. Also this depends on what indexd is using it for. Can you do a scan to see if indexd uses it for, else I think we should remove and let pip-compile resolve it, same for typing extension
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
used here: https://github.com/NCI-GDC/indexd/blob/develop/indexd/index/blueprint.py#L520
do you think we should remove the endpoint?
tox.ini
Outdated
@@ -1,5 +1,5 @@ | |||
[tox] | |||
envlist = py38 | |||
envlist = py37,py38,py39,py310 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should stick to a specific version of python (the one used at runtime) as this is not a library. I know we use it as a library and I think that is bad and we should stop doing that. Also, having a single python version here does not stop one from running it on multiple python versions, but by default it runs on the proper python version
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This was due to my recommendation (which may not have been a good suggestion). Please see my related comments on this in the gitlab yaml.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
reset
synk want sqlparse 0.5.0, which only work for python3.8+ |
update dependencies for snyk. Removed python3.11 from gitlab ci
https://gdc-ctds.atlassian.net/browse/DEV-2705
Upgrade idna to version 3.7 or higher.
https://gdc-ctds.atlassian.net/browse/DEV-2703
Upgrade Jinja2 to version 3.1.4 or higher.
The following one needs python3.8, NOT updating in this ticket.
https://gdc-ctds.atlassian.net/browse/DEV-2704
Upgrade werkzeug to version 3.0.3 or higher.
https://pypi.org/project/Werkzeug/